package cn.jinbyte.web.config;

import lombok.Data;


/**
 * Configuration properties for HTTP security response headers.
 *
 * <p>Each field holds the raw value of one response header, with a default
 * applied when nothing is configured. Lombok's {@code @Data} generates the
 * getters, setters, {@code equals}/{@code hashCode} and {@code toString}.
 *
 * <p>This class only stores the values. The code that binds them from
 * configuration and writes them to the response is not part of this file,
 * and no validation of the strings is performed here.
 *
 * <p>NOTE(review): {@code Strict-Transport-Security} is not among these
 * properties. Confirm that HSTS is set elsewhere (application or reverse
 * proxy) for HTTPS deployments.
 *
 * @author jinty
 */
@Data
public class SecurityHeaderProperties {
    /**
     * Whether the security response headers are enabled. Defaults to {@code true}.
     */
    private boolean enabled = true;

    /**
     * Value of the {@code Content-Security-Policy} header.
     *
     * <p>The default {@code default-src 'self'} limits fetch directives to the
     * page's own origin and, having no {@code 'unsafe-inline'}, blocks inline
     * scripts and styles. Directives such as {@code frame-ancestors},
     * {@code base-uri} and {@code form-action} do not fall back to
     * {@code default-src}, so they must be listed explicitly if they are to be
     * restricted. When loosening this value, prefer nonces or hashes over
     * {@code 'unsafe-inline'}.
     */
    private String contentSecurityPolicy = "default-src 'self'";

    /**
     * Value of the {@code X-XSS-Protection} header.
     *
     * <p>This is a legacy header: current browsers have removed the XSS
     * auditor it controlled, and the filter itself could be abused in older
     * browsers. Current OWASP guidance is to send {@code 0} or omit the header
     * and rely on {@code Content-Security-Policy} instead.
     * NOTE(review): consider whether the {@code 1; mode=block} default is
     * still wanted.
     */
    private String xssProtection = "1; mode=block";

    /**
     * Value of the {@code X-Frame-Options} header.
     *
     * <p>The default {@code DENY} forbids rendering the response in any frame,
     * which mitigates clickjacking. {@code SAMEORIGIN} is the other widely
     * supported value; {@code ALLOW-FROM} is obsolete. The CSP
     * {@code frame-ancestors} directive is the modern equivalent and is not
     * implied by the default CSP value in this class.
     */
    private String xFrameOptions = "DENY";

    /**
     * Value of the {@code X-Content-Type-Options} header.
     *
     * <p>{@code nosniff} is the only defined value; it tells the browser not to
     * MIME-sniff a response away from its declared {@code Content-Type}.
     */
    private String contentTypeOptions = "nosniff";

    /**
     * Value of the {@code Referrer-Policy} header.
     *
     * <p>With the default {@code strict-origin-when-cross-origin}, the full URL
     * is sent as referrer on same-origin requests, only the origin on
     * cross-origin requests, and nothing on an HTTPS-to-HTTP downgrade.
     */
    private String referrerPolicy = "strict-origin-when-cross-origin";

    /**
     * Value of the {@code Permissions-Policy} header.
     *
     * <p>An empty allowlist {@code ()} disables the feature for every origin,
     * including the page itself, so the default turns off camera, microphone
     * and geolocation access. Pages that need one of these features must have
     * this value overridden.
     */
    private String permissionsPolicy = "camera=(), microphone=(), geolocation=()";
}
